summaryrefslogtreecommitdiffstats
path: root/net/ipv4/netfilter/nf_nat_l3proto_ipv4.c
Commit message (Collapse)AuthorAgeFilesLines
* netfilter: Pass net into nf_xfrm_me_harderEric W. Biederman2015-09-181-2/+2
| | | | | | | | Instead of calling dev_net on a likley looking network device pass state->net into nf_xfrm_me_harder. Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* netfilter: Pass priv instead of nf_hook_ops to netfilter hooksEric W. Biederman2015-09-181-12/+12
| | | | | | | | | Only pass the void *priv parameter out of the nf_hook_ops. That is all any of the functions are interested now, and by limiting what is passed it becomes simpler to change implementation details. Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* inet netfilter: Prefer state->hook to ops->hooknumEric W. Biederman2015-09-181-7/+7
| | | | | | | | | | | | The values of nf_hook_state.hook and nf_hook_ops.hooknum must be the same by definition. We are more likely to access the fields in nf_hook_state over the fields in nf_hook_ops so with a little luck this results in fewer cache line misses, and slightly more consistent code. Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* net: Change pseudohdr argument of inet_proto_csum_replace* to be a boolTom Herbert2015-08-171-2/+2
| | | | | | | | | inet_proto_csum_replace4,2,16 take a pseudohdr argument which indicates the checksum field carries a pseudo header. This argument should be a boolean instead of an int. Signed-off-by: Tom Herbert <tom@herbertland.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* netfilter: Pass nf_hook_state through nf_nat_ipv4_{in,out,fn,local_fn}().David S. Miller2015-04-041-18/+15
| | | | Signed-off-by: David S. Miller <davem@davemloft.net>
* netfilter: nat: move specific NAT IPv4 to corePablo Neira Ayuso2014-09-021-0/+199
| | | | | | | | | Move the specific NAT IPv4 core functions that are called from the hooks from iptable_nat.c to nf_nat_l3proto_ipv4.c. This prepares the ground to allow iptables and nft to use the same NAT engine code that comes in a follow up patch. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* netfilter: use IS_ENABLED() macroDuan Jiong2014-06-301-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | replace: #if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE) with #if IS_ENABLED(CONFIG_NF_CT_NETLINK) replace: #if !defined(CONFIG_NF_NAT) && !defined(CONFIG_NF_NAT_MODULE) with #if !IS_ENABLED(CONFIG_NF_NAT) replace: #if !defined(CONFIG_NF_CONNTRACK) && !defined(CONFIG_NF_CONNTRACK_MODULE) with #if !IS_ENABLED(CONFIG_NF_CONNTRACK) And add missing: IS_ENABLED(CONFIG_NF_CT_NETLINK) in net/ipv{4,6}/netfilter/nf_nat_l3proto_ipv{4,6}.c Signed-off-by: Duan Jiong <duanj.fnst@cn.fujitsu.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* netfilter: add protocol independent NAT corePatrick McHardy2012-08-301-0/+281
Convert the IPv4 NAT implementation to a protocol independent core and address family specific modules. Signed-off-by: Patrick McHardy <kaber@trash.net>
OpenPOWER on IntegriCloud